
Good morning!


Welcome to issue number 61 of Last Week in AWS.

Another week has gone, and a bunch of AWS news along with it. AWS itself has weighed in on the Rekognition drama from the week before, re:Invent hotels continue to sell out, and I'll have something interesting to show off in next week's issue.

Sponsorship

It’s a brand new quarter, and that means that Last Week in AWS sponsorships are available. If you’ve got a message that would resonate with this newsletter’s educated, professional, and attractive audience, please hit reply.

Community Contributions

A thoughtful piece on business models and strategy, with a heavy Amazon bias. Invisible asymptotes is a great read when you’ve got some time to kill; I intend to digest it on my next long plane ride.

It’s worth pointing out that Detailed Billing Reports are officially deprecated. It may be time to consider updating your automation unless you enjoy watching things break on you…

In a move that could absolutely not backfire in any possible way, “get me a date” uses Rekognition to identify what you find appealing in romantic partners, and starts “improving” your matches. I’m backing away slowly from this one.

This is an older article that came across my desk last week. A high-level AWS employee talks about data center philosophy, and how it informed the choices that AWS made with its AZs and regions.

Robert Tisdale is correct when he says You Shouldn’t Host Wordpress on AWS. I’ve done Wordpress installations a few times on AWS, and absolutely recommend making it someone else’s problem– wordpress.com, WPengine, etc. Even the AWS reference architecture diagrams show that Wordpress is done with EFS and a bunch of other architectural crutches. It’s just painful to run yourself…

It took some doing, but I found an even angrier and more sarcastic take on this year’s Gartner Cloud Magic Quadrant than my own.

The inaugural REdeploy conference (exploring the intersections of resilient technology, organizations, and people) is coming to San Francisco this August. Last Week in AWS is proud to be a media sponsor. More to come on that in coming weeks...

Friend of the newsletter Datadog is having their Dash conference in New York on July 11-12. If it works for your schedule, I strongly suggest attending; AWS is a platinum sponsor, and longtime readers know how finicky they are about putting their logo on any conference that doesn't have the word "Amazon" in the title somewhere. Use the code "DASHLAST" to get 20% off of registration. 

This week’s S3 Bucket Negligence Award goes to Honda India. 50,000 customers’ personal information was left exposed in an insecure S3 bucket– and a well-meaning researcher left a warning in a text file in that bucket months ago!

This is a great primer for how VPC concepts work in terms that newcomers to AWS can wrap their heads around.

A power outage caused an incident in us-tirefire–1 late last week. Hugs to the AWS teams who had to deal with the incident, as well as those who’ll have to explain the facts of life to irate customers who don’t quite understand that these things happen periodically.

I’ve occasionally gotten into spirited “debates” with AWS employees when I posit that AWS comes for its partners in the night. I maintain that I can’t think of a single thing an AWS partner does today that will still be a viable business (read as: not eaten by AWS itself) in 5–10 years without radical transformation. The platform continues to improve, and AWS seems almost pathologically averse to others making money from its customers. Fortunately, I’m not alone in airing these thoughts; the Wall Street Journal talks about how AWS terrifies its partners (paywall warning).

ZDnet has gone on a voyage of discovery around a subject near and dear to my heart: monthly cloud computing sticker shock. I think their article conflates two issues– while finance does indeed have problems with how much money is going towards the AWS bill, they’re often more concerned by how unpredictable it is from one month to another. You can plan for almost any expense as a company, but only if you can predict it in advance.

Choice Cuts From the AWS Blog

Amazon QuickSight announces Pay-per-Session pricing, Private VPC Connectivity and more! - Ooh, finally a pricing model that works wonderfully for those “build me a dashboard we’ll look at twice and never visit again” tickets.

Amazon SageMaker Achieves HIPAA Eligibility - It feels like Amazon is trying to beat WebMD and “Dr. Google” to the punch of telling you that you’ve got cancer every time you research a symptom.

Amazon ECS Adds Options to Speed Up Container Launch Times - This feature lets you elect to have container images downloaded to the EC2 host and kept there for future launches rather than re-downloading them every time. Hooray– CloudFront’s caching troubles now come to ECS!

Amazon ECS Agent Adds Signing for Additional Security - ♪ ♫ ♬ There’s a tool that helps reduce the danger / Of getting your app exploited by a stranger / With every push you make / another chance your code might break / Odds are you won’t stay up until tomorrow ♪ ♫ ♬ Wait. “Signing.” Not “Singing.” Oops.

Amazon EFS now a HIPAA-Eligible Service - If you’re running HIPAA regulated workloads, rejoice— now you too can take crappy architectural shortcuts you’ll live to regret.

Amazon Neptune is now generally available to build fast, reliable graph applications - Fast, reliable giraffes are on everybody’s wish list– now that Neptune has gone GA, you can get yours today.

Amazon Rekognition Achieves HIPAA Eligibility - Amazon’s HIPAA auditors: “We rekognize that you’ve complied– DAMMIT, now you’ve got us misspelling that word too!”

Amazon SNS Message Filtering Supports Amazon CloudWatch Metrics - I’m just going to say it: CloudWatch Metrics are arcane at best. No matter how many features AWS piles on top of the platform, until that changes you’re still going to have to pay third party vendors to make anything approaching sense out of them– or worse, build your own systems to consume the metrics.

Application Load Balancer Simplifies User Authentication for Your Applications - This is nifty. You can now natively have users authenticate through the load balancer to access applications running in AWS. Let me remind you that if your application only supports Facebook for authentication, yours is likely a terrible company.

Amazon CloudFront announces the launch of its eighth Edge location in Tokyo, Japan - In two weeks I’ll be in Tokyo to speak about Lambda at the Open Source Summit. I’ll also be conducting interviews with anyone who gives the slightest crap about yet another CloudFront Edge location there. Don’t expect a lot of content on that one…

Announcing the Golden AMI Pipeline - This is a really neat workflow. I want to just go ahead and say that now before I’m buried in “THAT’S NOT HOW WE DO IT AT $TECH_UNICORN!!!” responses.

How to rotate your Twitter API key and bearer token automatically with AWS Secrets Manager - This is a terrible idea. If you securely manage your Twitter credentials, how are you going to claim you were “hacked” when you’re called out for your crappy opinions, genius? I expose my own in no fewer than four misconfigured S3 buckets for just this reason.

Tools

Atlassian has open sourced squeegee; it consumes Current Usage Reports and spits out analytics around your billing data.

I’m not entirely clear why someone would host a web service to simulate EC2’s metadata endpoint, but my use case may well not be yours.

If I told you that there was a project called Euclid, you’d yawn and stop reading. For those who kept going, it’s a Chrome extension that lets you query DynamoDB. I’m unreasonably excited about this; it makes developing DynamoDB powered applications far easier for those of us who struggle with datastore concepts.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you’ve enjoyed reading this, tell your friends about it and have them sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/